Total
88 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1987 | 2 Puppet, Puppetlabs | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2024-11-21 | 3.5 LOW | N/A |
Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations. | |||||
CVE-2012-1986 | 2 Puppet, Puppetlabs | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2024-11-21 | 2.1 LOW | N/A |
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket. | |||||
CVE-2012-1906 | 2 Puppet, Puppetlabs | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2024-11-21 | 3.3 LOW | N/A |
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp. | |||||
CVE-2012-1054 | 2 Puppet, Puppetlabs | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2024-11-21 | 4.4 MEDIUM | N/A |
Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login. | |||||
CVE-2012-1053 | 2 Puppet, Puppetlabs | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2024-11-21 | 6.9 MEDIUM | N/A |
The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups. | |||||
CVE-2012-0891 | 1 Puppet | 2 Puppet Dashboard, Puppet Enterprise | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. | |||||
CVE-2011-3872 | 2 Puppet, Puppetlabs | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2024-11-21 | 2.6 LOW | N/A |
Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability." | |||||
CVE-2023-5309 | 1 Puppet | 1 Puppet Enterprise | 2024-02-28 | N/A | 9.8 CRITICAL |
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. | |||||
CVE-2023-2530 | 1 Puppet | 1 Puppet Enterprise | 2024-02-28 | N/A | 9.8 CRITICAL |
A privilege escalation allowing remote code execution was discovered in the orchestration service. | |||||
CVE-2023-1894 | 1 Puppet | 2 Puppet Enterprise, Puppet Server | 2024-02-28 | N/A | 5.3 MEDIUM |
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. | |||||
CVE-2021-27026 | 1 Puppet | 3 Puppet, Puppet Connect, Puppet Enterprise | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged | |||||
CVE-2021-27023 | 2 Fedoraproject, Puppet | 4 Fedora, Puppet Agent, Puppet Enterprise and 1 more | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 | |||||
CVE-2021-27025 | 2 Fedoraproject, Puppet | 4 Fedora, Puppet, Puppet Agent and 1 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. | |||||
CVE-2021-27019 | 1 Puppet | 2 Puppet Enterprise, Puppetdb | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
PuppetDB logging included potentially sensitive system information. | |||||
CVE-2021-27020 | 1 Puppet | 1 Puppet Enterprise | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export. | |||||
CVE-2021-27021 | 1 Puppet | 3 Puppet, Puppet Enterprise, Puppetdb | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. | |||||
CVE-2021-27022 | 1 Puppet | 2 Puppet, Puppet Enterprise | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. This issue only affects SSH/WinRM nodes (inventory service nodes). | |||||
CVE-2015-1855 | 3 Debian, Puppet, Ruby-lang | 5 Debian Linux, Puppet Agent, Puppet Enterprise and 2 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters. | |||||
CVE-2013-4968 | 1 Puppet | 1 Puppet Enterprise | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." | |||||
CVE-2019-10694 | 1 Puppet | 1 Puppet Enterprise | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end of the install to set the admin password. If they do not use that URL, there is an overlooked default password for the admin user. This was resolved in Puppet Enterprise 2019.0.3 and 2018.1.9. |